Security starts in the server room
In the digitalized society, cyber security is a much-discussed term. Current attacks and threats make cybersecurity one of the most important topics, and not only for the IT department. Recent incidents, such as the Exchange attack or the data center fire in France, have shown how different threats to IT systems can be. And how important a holistic view of IT security is. Threats in the virtual world are diverse – from human and technical error to malicious attacks and forces of nature.
Moderated by Martin Szelgrad (Telekom & IT Report), Peter Reisinger from EPS and Gerlinde Macho and Manfred Pascher from MP2 IT-Solutions spoke with Klaus Veselko (Managing Director of CIS – Certification & Information Security Services GmbH) and Ralf Ebenig (Data Center Planning) about current requirements and security concepts for companies. The online expert talk took place on 15. March with numerous listeners. What became clear above all: the dimension and importance of the topic of cyber security.
All experts agree on one thing: A holistic approach to IT security is needed in every company. For those who rely on their own data center instead of migrating to the cloud, it is important to incorporate security concepts into the planning phase. “Safety starts with the question of location. For example: What risks and events can have an impact – from the forces of nature to human threats. The data center standard DIN EN 50600 applies as an orientation and guideline,” emphasizes Ralf Ebenig from RZ-Planung.
EPS Electric Power Systems is familiar with the complex requirements for data center operators. The long-standing experts in the construction and maintenance of individual server room solutions regard the data center infrastructure as a holistic system. Many trades, such as power supply, air conditioning and security technology , have to work together properly to ensure the desired level of protection. For Peter Reisinger of EPS, this is an achievement that is hardly feasible without many years of experience and therefore belongs in the hands of professionals: “After all, the data center is the heart of a company and its operational reliability.”
With all the measures and safety precautions, companies often have to adhere to tight budgets. This is why decision-makers often ask themselves the cost-benefit question. Reisinger recommends keeping in mind the consequences of an IT failure for one’s own business and the costs associated with it.
Protection of technical and non-technical systems
Manfred Pascher, Managing Partner of MP2 IT-Solutions, mentioned a survey from 2020 at the expert talk. One in four companies in Austria is already affected by cyberattacks. Of these, more than 25% had long-term problems with data loss and the maintenance of the business process – keyword business continuity. After all, many do not know that they have been attacked – in almost 20% of cases, attacks were detected by chance, according to Pascher. In the meantime, IT security awareness has rightly become established, so that the question is no longer whether such an incident occurs, but when and what consequences companies can expect. Preventive measures require a holistic view of IT security – i.e. also an awareness of possible threats and risks. “This starts with the physical protection of the data center and the IT systems and tools to the organizational measures and thus the involvement of all users,” says Pascher.
In addition to the classic software-side security measures such as virus protection, firewall, encryption and data backup, there are many interesting protective measures, from easy-to-set DNS filters to sophisticated SIEM solutions (Security Information and Event Management) that monitor the entire network for anomalies and enable timely response. It is important to combine the existing tools correctly in order to get the best benefit from them . In combination with sensible organizational measures, there are simple measures for every company size and budget to increase security considerably.
The human being as a security gap and sensor at the same time
When talking about cybersecurity, many people only think of the technical part. In addition to physical and technical safety, the role of humans in practice is usually underestimated. But they are employees who are users of a system. They can be a target of attack and a factor of uncertainty. And conversely, they are also security levers if they recognize threats and react to them quickly and correctly. “Many mistakes happen at the organizational level, for example due to improper use or when threats are not reported in time,” says Gerlinde Macho from MP2 IT-Solutions. “In an emergency, everyone must know what to do and who to contact. Preventive measures must be taken to achieve this.” Helpful tools include internal hotlines, guidelines, checklists as well as regular emergency drills and ongoing security awareness. The topic has become particularly important in the home office. Macho appeals to act across departments and, for example, to see the standard for information security as a consistent guideline.
IT security is a question of corporate culture – standards and norms are the basis
Here, too, the experts agree that it is no longer a question of whether something could happen, but when it will happen. But this is exactly where standards can help. Certification according to the internationally recognized ISO 27001 standard for information security is not just an end in itself. This can serve as a guideline and checklist for use in business practice to ensure more security in IT. In addition to the information security standard, the use of the EN 50600 data center standard has steadily increased in recent years.
Cyber security encompasses organizational and technical measures from infrastructure and networks to servers, data, mobile devices and awareness raising. The experts examined the extensive topic from different perspectives. The aim is to take a holistic view of cyber security in practice in order to create realistic solutions for companies. Norms and standards are important instruments that support this. The fact that a holistic view of cyber security is important was something the five experts agreed on at the online talk on 15 September. March.
Availability class, demand and risk analyses
EPS has been active in the field of planning and implementing high-availability server room solutions for over 20 years. In detail, the company comprises the following areas:
- Server room consulting, planning & construction
- Safety power supply with UPS and emergency generators
- Air conditioning & heating
- Fire suppression by fire prevention or extinguishing systems
- Structured Data Cabling & 19″ Racks
- DIN EN 50600 Checks
- Energy efficiency analyses
- Service, maintenance and support
